/alcasar.sh |
---|
44,7 → 44,6 |
# cron : Logs export + watchdog + connexion statistics |
# fail2ban : Fail2ban installation and configuration |
# post_install : Security, log rotation, etc. |
# gammu_smsd : Autoregister addon (gammu-smsd) |
DATE=`date '+%d %B %Y - %Hh%M'` |
DATE_SHORT=`date '+%d/%m/%Y'` |
66,7 → 65,6 |
# ******* DBMS parameters - paramètres SGBD ******** |
DB_RADIUS="radius" # database name used by FreeRadius server |
DB_USER="radius" # user name allows to request the users database |
DB_GAMMU="gammu" # database name used by Gammu-smsd |
# ******* Network parameters - paramètres réseau ******* |
HOSTNAME="alcasar" # |
DOMAIN="localdomain" # default local domain |
987,7 → 985,7 |
groupadd -f chilli |
useradd -r -g chilli -s /bin/false -c "system user for coova-chilli" chilli |
} # End of param_chilli () |
################################################################## |
## Fonction "param_dansguardian" ## |
## - Paramètrage du gestionnaire de contenu Dansguardian ## |
1659,73 → 1657,6 |
reboot |
} # End post_install () |
################################################################## |
## Fonction "gammu_smsd" ## |
## - Creation de la base de donnée Gammu ## |
## - Creation du fichier de config: gammu_smsd_conf ## |
## ## |
################################################################## |
gammu_smsd() |
{ |
# Create 'gammu' databse |
MYSQL="/usr/bin/mysql -uroot -p$mysqlpwd --exec" |
$MYSQL="CREATE DATABASE IF NOT EXISTS $DB_GAMMU;GRANT ALL ON $DB_GAMMU.* TO $DB_USER@localhost IDENTIFIED BY '$radiuspwd';FLUSH PRIVILEGES" |
# Add a gammu database structure |
mysql -u$DB_USER -p$radiuspwd $DB_GAMMU < $DIR_CONF/gammu-smsd-db-vierge.sql |
# Creation du fichier de config gammu_smsd_conf |
cat << EOF > /etc/gammu_smsd_conf |
[gammu] |
port = /dev/ttyUSB0 |
connection = at115200 |
;######################################################## |
[smsd] |
PIN = 1234 |
logfile = /var/log/gammu-smsd/gammu-smsd.log |
logformat = textall |
debuglevel = 0 |
service = sql |
driver = native_mysql |
user = $DB_USER |
password = $radiuspwd |
pc = localhost |
database = $DB_GAMMU |
RunOnReceive = /usr/local/bin/alcasar-sms.sh --new_sms |
StatusFrequency = 30 |
LoopSleep = 2 |
;ResetFrequency = 300 |
;HardResetFrequency = 120 |
CheckSecurity = 1 |
CheckSignal = 1 |
CheckBattery = 0 |
EOF |
chmod 755 /etc/gammu_smsd_conf |
#Creation dossier de log Gammu-smsd |
mkdir /var/log/gammu-smsd |
chmod 755 /var/log/gammu-smsd |
#Edition du script sql gammu <-> radius |
$SED "10c u_db=\"$DB_USER\"" $DIR_DEST_BIN/alcasar-sms.sh |
$SED "11c p_db=\"$radiuspwd\"" $DIR_DEST_BIN/alcasar-sms.sh |
} # END gammu_smsd() |
################################# |
# Main Install loop # |
################################# |
1788,6 → 1719,7 |
then |
exit 0 |
fi |
echo "STOP" ; read a |
if [ -e $CONF_FILE ] |
then |
# Uninstall the running version |
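Review bot: The line `echo "STOP" ; read a` in the last hunk, just before the `if [ -e $CONF_FILE ]` test, looks like a debugging pause left in the main install path. It blocks on stdin, so an unattended or piped run of the installer hangs or silently consumes a line of its input, and the variable `a` is not used in the visible lines. Going by the 1788,6 → 1719,7 counts it appears to be the one line this hunk adds, and I would drop it before release. Separately, `$CONF_FILE` in the following test is unquoted; `if [ -e "$CONF_FILE" ]` avoids a broken test when the variable is empty or contains spaces. The enclosing `if` block continues past the end of the hunk.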
/scripts/alcasar-sms.sh |
---|
File deleted |
Property changes: |
Deleted: svn:eol-style |
-native |
\ No newline at end of property |
Deleted: svn:executable |
-* |
\ No newline at end of property |
/scripts/alcasar-urpmi.sh |
---|
12,7 → 12,7 |
VERSION="4" |
ARCH="i586" |
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ****** |
PACKAGES="freeradius freeradius-mysql freeradius-ldap freeradius-web apache apache-mod_ssl apache-mod_php dansguardian ipset postfix mariadb ntp bind-utils openssh-server php-mysqli php-xml php-ldap php-mysql php-mbstring php-sockets rng-utils dnsmasq rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd man pm-fallback-policy gammu usbutils locales-en " |
PACKAGES="freeradius freeradius-mysql freeradius-ldap freeradius-web apache apache-mod_ssl apache-mod_php dansguardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysql php-mbstring php-sockets rng-utils dnsmasq rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd man" |
rpm_repository_sync () |
{ |
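Review bot: The new PACKAGES line drops more than the SMS tooling: besides `gammu` and `usbutils` it also loses `ipset`, `php-mysqli`, `pm-fallback-policy` and `locales-en`, none of which obviously belongs to the auto-registration feature. If any remaining script or PHP page still relies on ipset or the mysqli extension, a fresh install would fail at run time rather than at package resolution. Either keep those packages or record why they went, e.g. `# ipset, php-mysqli dropped: <reason>` above the list. Which of the two printed PACKAGES lines is the new one is inferred from the gammu removals elsewhere in this change, not from a surviving marker. The body of rpm_repository_sync lies outside the hunk.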
/scripts/sbin/alcasar-uninstall.sh |
---|
15,7 → 15,7 |
echo "-----------------------------------------------------------------------------" |
echo |
#services_stop |
for i in squid ntpd iptables ulogd dansguardian chilli httpd radiusd freshclam havp dnsmasq mysqld named dhcpd gammu-smsd |
for i in squid ntpd iptables ulogd dansguardian chilli httpd radiusd freshclam havp dnsmasq mysqld named dhcpd |
do |
[ -e /etc/init.d/$i ] && /sbin/chkconfig --del $i && /etc/init.d/$i stop && killall $i 2>/dev/null |
done |
100,14 → 100,8 |
#param_squid |
echo -en "\n- param_squid(2) : " |
if [ -e /etc/squid/squid.conf ] |
then |
[ -e /etc/squid/squid.conf.default ] && mv /etc/squid/squid.conf.default /etc/squid/squid.conf && echo -n "1, " |
[ `ls /var/spool/squid/|wc -l` -ne "0" ] && rm -rf /var/spool/squid/* && echo -n "2" |
else |
echo -n "uninstalled" |
fi |
sleep 1 |
[ -e /etc/squid/squid.conf.default ] && mv /etc/squid/squid.conf.default /etc/squid/squid.conf && echo -n "1, " |
[ `ls /var/spool/squid/|wc -l` -ne "0" ] && rm -rf /var/spool/squid/* && echo -n "2" |
#param_dansguardian |
echo -en "\n- param_dansguardian(8) : " |
231,11 → 225,6 |
[ -e /lib/systemd/system/alcasar-load_balancing.service ] && rm -f /lib/systemd/system/alcasar-load_balancing.service && echo -n "12" |
sleep 1 |
#gammu-smsd |
echo -en "\n- gammu-smsd(1) :" |
rm -f /etc/gammu_smsd_conf |
echo -n "1" |
#nettoyage (on retire les services supprimés ou remplacés dans la nouvelle version) |
echo -en "\n- cleaning() : " |
for rm_fic in /usr/local/bin /usr/local/sbin /usr/local/etc |
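Review bot: In the param_squid hunk (100,14 → 100,8) the new side keeps the `ls /var/spool/squid/|wc -l` test in front of `rm -rf /var/spool/squid/*` but loses the surrounding `if [ -e /etc/squid/squid.conf ]` guard. On a host where squid was never installed, `ls` now prints an error to the terminal and the "uninstalled" status is no longer reported. Counting `ls` output is also fragile; testing the directory directly is clearer: `[ -d /var/spool/squid ] && [ -n "$(ls -A /var/spool/squid)" ] && rm -rf /var/spool/squid/* && echo -n "2"`. In the first hunk `$i` is unquoted in the chkconfig/killall line, which is harmless with the literal service list but worth writing as `"$i"`. The cleaning loop at the end of the last hunk continues outside the visible lines.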
/web/autoregistrationinfo.php |
---|
File deleted |
/web/intercept.php |
---|
106,8 → 106,7 |
$l_reply_6 = "Your authorized connexion time has been reached"; |
$l_online_time = "Tiempo en linea"; |
$l_remaining_time = "Tiempo restante"; |
$l_uam_domain = "Sitios web autorizados : "; |
$l_autoregistration = "Registo automático";} |
$l_uam_domain = "Sitios web autorizados : ";} |
else if ($Language == 'pt'){ |
$l_ChilliError = "A autenticação precisa ser bem sucedida através do portal."; |
$l_login = "Sucesso na autenticação.<HR>Matenha esse pop-up apenas minimizado para não interromper a conexão"; |
139,41 → 138,44 |
$l_reply_6 = "Seu tempo de conexão autorizada finalizou"; |
$l_online_time = "Tempo Online"; |
$l_remaining_time = "Tempo restante"; |
$l_uam_domain = "Sites autorizados : "; |
$l_autoregistration = "Registo automático";} |
$l_uam_domain = "Sites autorizados : ";} |
else if($Language == 'de'){ |
$l_ChilliError = "Die Authentifizierung ist erfolgreich durch die Nutzung des Portals erfolgt."; |
$l_login = "Erfolgreiche Authentifizierung.<HR>Schlißen dieses fensters unterbricht die sitzung"; |
$l_logout = "Beenden der Verbindung"; |
$l_loginfailed = "Authentifizierungsfehler Eigenverbrauch"; |
$l_loggingin = "Kennzeichnung auf dem Eigenverbrauch"; |
//$l_login = "Erfolgreiche Authentifizierung.<HR>Schlißen dieses fensters unterbricht die sitzung"; |
$l_login = "Anmeldung erfolgreich.<HR>Das Schließen dieses Fensters trennt die Verbindung"; |
//$l_logout = "Beenden der Verbindung"; |
$l_logout = "Verbindung beenden"; |
$l_loginfailed = "Anmeldung fehlgeschlagen"; |
$l_loggingin = "Sie sind Angemeldet"; |
$l_loggedcont = "Zutrittskontrolle"; |
$l_loggedout = "Ihre Sitzung ist geschlossen"; |
//$l_loggedout = "Ihre Sitzung ist geschlossen"; |
$l_loggedout = "Ihre Sitzung wurde beendet"; |
$l_user = "Benutzer"; |
$l_password = "Passwort"; |
$l_wait = "Bitte warten Sie einen Moment ..."; |
$l_onlinetime = "Online-Zeit:"; |
$l_remainingtime = "Abmelden:"; |
$l_encrypted = "Die Öffnung muß der Anschluß Zahlen"; |
$l_boutonO = "Authentifizierung"; |
$l_remainingtime = "Restzeit:"; // (NON UTILSE ?) |
$l_encrypted = "Die Verbindung muss verschlüsselt sein"; |
$l_boutonO = "Anmelden"; |
$l_boutonF = "Schließen"; |
$l_loggedin_stringl1 = "Information System Security"; |
$l_loggedin_stringl2 = "Dieses Portal wurde eingerichtet, um ordnungsgemäß die Rückverfolgbarkeit, der Zurechenbarkeit und der Nicht-Anerkennung der Verbindungen."; |
$l_loggedin_stringl3 = "Ihre Tätigkeit im Netzwerk registriert ist nach Schutz der Privatsphäre."; |
$l_loggedin_stringl4 = "Die gespeicherten Daten nicht pouront genutzt werden, dass von einer Justizbehörde im Rahmen einer Untersuchung."; |
$l_loggedin_stringl5 = "Diese Daten werden automatisch gelöscht nach einem Jahr."; |
$l_loggedin_stringl6 = "Click <a href='$alcasarpath'>here</a> to change your password or to integrate the security certificate in your browser"; |
$l_loggedout_string = "Trennung des Portals erfolgt Gefangener!"; |
$l_reply_1 = "Your daily connexion time has been reached"; |
$l_reply_2 = "Your monthly connexion time has been reached"; |
$l_reply_3 = "You try to connect outside of your allowed timespan"; |
$l_reply_4 = "your account expired"; |
$l_reply_5 = "You have reached the maximum number of simultaneous logins"; |
$l_reply_6 = "Your authorized connexion time has been reached"; |
//$l_loggedin_stringl2 = "Dieses Portal wurde eingerichtet, um ordnungsgemäß die Rückverfolgbarkeit, der Zurechenbarkeit und der Nicht-Anerkennung der Verbindungen."; |
$l_loggedin_stringl2 = "Dieses Portal wurde eingerichtet, um jeglichen Missbrauch durch den, eindeutig identifizierbaren, Benutzer zurückverfolgen zu können."; |
$l_loggedin_stringl3 = "Ihre Aktivität wird unter Beachtung der Privatsphäre aufgezeichnet."; #statt "Aktivitaet" kann auch "Sitzung" benutzt werden |
$l_loggedin_stringl4 = "Die gespeicherten Daten können nur im Falle einer Ermittlung von der Justiz genutzt werden."; |
//$l_loggedin_stringl4 = "Die gespeicherten Daten werden im Falle einer Ermittlung an die Justiz weitergegeben."; |
$l_loggedin_stringl5 = "Diese Daten werden nach einem Jahr automatisch geloescht."; |
$l_loggedin_stringl6 = "Klicken Sie <a href='$alcasarpath'>hier</a> um ihre Passwort zu ändern, oder um das Sicherheitszertifikat in ihren Browser zu integrieren"; |
$l_loggedout_string = "Trennung des Portals erfolgt !"; // à modifier |
$l_reply_1 = "Ihr Tages Limit ist aufgebraucht"; |
$l_reply_2 = "Ihr Monats Limit ist aufgebraucht"; |
$l_reply_3 = "Sie versuchen sich ausserhalb des erlaubten Zeitraumes anzumelden"; |
$l_reply_4 = "Ihr Benutzerkonto ist abgelaufen"; |
$l_reply_5 = "Sie haben die maximale Anzahl an gleichzeitigen Anmeldungen erreicht"; |
$l_reply_6 = "Ihr Zeit-Guthaben ist aufgebraucht"; |
$l_online_time = "Online-zeit"; |
$l_remaining_time = "Restzeit"; |
$l_uam_domain = "Autorisierten websites : "; |
$l_autoregistration = "Automatische registrierung";} |
$l_uam_domain = "Autorisierten websites : ";} |
else if($Language == 'nl'){ |
$l_ChilliError = "De authenticatie moet een succes worden via de captive portal dienst."; |
$l_login = "Succesvolle authenticatie.<HR>Dit venster te sluiten onderbreekt uw sessie."; |
205,8 → 207,7 |
$l_reply_6 = "Your authorized connexion time has been reached"; |
$l_online_time = "Online tijd"; |
$l_remaining_time = "Reterende tijd"; |
$l_uam_domain = "Geautoriseerde website : "; |
$l_autoregistration = "Automatische registratie";} |
$l_uam_domain = "Geautoriseerde website : ";} |
else if($Language == 'fr'){ |
$l_ChilliError = "L'authentification doit être réussie sur le portail captif."; |
$l_login = "Authentification réussie.<HR>La fermeture de cette fenêtre interrompt votre session."; |
238,8 → 239,7 |
$l_reply_6 = "Votre durée de connexion autorisée a été atteinte"; |
$l_online_time = "Temps de connexion"; |
$l_remaining_time = "Temps restant"; |
$l_uam_domain = "Sites autorisés : "; |
$l_autoregistration = "Auto enregistrement";} |
$l_uam_domain = "Sites autorisés : ";} |
else{ |
$l_ChilliError = "The authentication must be successful through the captive portal service."; |
$l_login = "Successful authentication.<HR>Closing this window interrupts your session"; |
271,8 → 271,7 |
$l_reply_6 = "Your authorized connexion time has been reached"; |
$l_online_time = "Online time"; |
$l_remaining_time = "Remaining time"; |
$l_uam_domain = "Authorized websites : "; |
$l_autoregistration = "Auto registration";} |
$l_uam_domain = "Authorized websites : ";} |
# If https not use, tell it's wrong |
if (!(isset($_SERVER['HTTPS'])&&($_SERVER['HTTPS'] == 'on'))) { |
390,10 → 389,10 |
<html> |
<head> |
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"> |
<title>$l_loggingin</title> |
<meta http-equiv=\"Cache-control\" content=\"no-cache\"> |
<meta http-equiv=\"Pragma\" content=\"no-cache\"> |
<script type=\"text/javascript\" language=\"JavaScript\"> |
<title>$l_loggingin</title> |
<meta http-equiv=\"Cache-control\" content=\"no-cache\"> |
<meta http-equiv=\"Pragma\" content=\"no-cache\"> |
<script type=\"text/javascript\" language=\"JavaScript\"> |
alcasar_popup = null; |
function popUp(URL) { |
if (self.name != \"alcasar_popup\") { |
447,7 → 446,7 |
<input type=\"hidden\" name=\"userurl\" value=\"$userurl\"> |
<table id=\"boite-logon\"> |
<tr> |
<td width=\"20%\" rowspan=\"4\"><img id=\"logo-organ\" src=\"/images/organisme.png\"></td> |
<td width=\"20%\" rowspan=\"3\"><img id=\"logo-organ\" src=\"/images/organisme.png\"></td> |
<td width=\"30%\" align=\"right\">$l_user</td> |
<td width=\"50%\" align=\"left\"><INPUT type=\"text\" maxLength=\"32\" name=\"UserName\" autocomplete=\"off\"></td> |
</tr> |
455,22 → 454,12 |
<td align=\"right\">$l_password</td> |
<td align=\"left\"><INPUT maxLength=\"32\" type=\"password\" name=\"Password\" autocomplete=\"off\"></td> |
</tr> |
<tr>"; |
echo "</td><td height=\"23\" align=\"left\"><INPUT value=\"$l_boutonO\" type=\"submit\" name=\"button\" onclick=\"javascript:popUp('$statuspath')\"></td> |
"; |
$gammu_smsd=exec("pidof gammu-smsd"); |
if ($gammu_smsd != "") |
{ |
echo "<td height=\"23\" align=\"left\"><a target=\"_blank\" href=\"autoregistrationinfo.php\">$l_autoregistration</a></td></tr>"; |
} |
echo "</table> |
<tr> |
<td height=\"23\" colSpan=\"2\" align=\"center\"><INPUT value=\"$l_boutonO\" type=\"submit\" name=\"button\" onclick=\"javascript:popUp('$statuspath')\"></td> |
</tr> |
</table> |
</form> |
<table id=\"boite-info\" cellSpacing=\"0\" cellPadding=\"0\" width=\"80%\"> |
<table id=\"boite-info\" cellSpacing=\"0\" cellPadding=\"0\" width=\"100%\"> |
<tr> |
<td align=\"center\"><FONT color=\"red\"><B>$l_loggedin_stringl1</B></FONT></td> |
</tr> |
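Review bot: In the login-form hunks (447,7 → 446,7 and 455,22 → 454,12) `$userurl` and `$statuspath` are interpolated directly into an HTML attribute value and an inline `onclick` handler inside the echoed string. Where these variables are assigned is outside the visible hunks. If `$userurl` comes from the redirect query string, it should be encoded at the point of output, e.g. `value=\"".htmlspecialchars($userurl, ENT_QUOTES, 'UTF-8')."\"`, and `$statuspath` deserves the same treatment before it is placed inside the JavaScript string literal. The rest of the section is translation text and table layout. The echo statement that holds this markup starts and ends outside the hunks.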
/web/acc/manager/htdocs/autoregistration.php |
---|
File deleted |
/web/acc/auth.php |
---|
6,7 → 6,6 |
$select[4]=$l_import_empty; |
$select[5]="Exceptions"; |
$select[6]="$l_activity"; |
$select[7]=$l_gammu; |
$fich[0]="manager/htdocs/user_new.php"; |
$fich[1]="manager/htdocs/find.php"; |
$fich[2]="manager/htdocs/group_new.php"; |
14,7 → 13,6 |
$fich[4]="manager/htdocs/import_user.php"; |
$fich[5]="admin/auth_exceptions.php"; |
$fich[6]="manager/activity.php"; |
$fich[7]="manager/htdocs/autoregistration.php"; |
$j=0; |
$nb=count($select); |
while ($j != $nb) |
/web/acc/menu.php |
---|
43,7 → 43,6 |
$l_stat_network="trafic réseau"; |
$l_security="sécurité"; |
$l_menu="Menu"; |
$l_gammu="Auto enregistrement (SMS)"; |
} |
else |
{ |
70,7 → 69,6 |
$l_stat_network="network traffic"; |
$l_security="security"; |
$l_menu="Main"; |
$l_gammu="Auto registration (SMS)"; |
} |
echo " |
<TABLE width=\"100%\" border=0 cellspacing=0 cellpadding=0> |
/web/images/signal_0.png |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = image/png |
Property changes: |
Deleted: svn:mime-type |
-image/png |
\ No newline at end of property |
/web/images/signal_40.png |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = image/png |
Property changes: |
Deleted: svn:mime-type |
-image/png |
\ No newline at end of property |
/web/images/signal_20.png |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = image/png |
Property changes: |
Deleted: svn:mime-type |
-image/png |
\ No newline at end of property |
/web/images/signal_60.png |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = image/png |
Property changes: |
Deleted: svn:mime-type |
-image/png |
\ No newline at end of property |
/web/images/signal_80.png |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = image/png |
Property changes: |
Deleted: svn:mime-type |
-image/png |
\ No newline at end of property |
/web/css/style_intercept.css |
---|
120,7 → 120,8 |
box-shadow: 0px 0px 12px #000; |
} |
#boite-logon { |
background-image: linear-gradient(#efefef, #d5d5d5); |
background-image: url(../images/fond-bdd_grand.png); |
background-repeat: repeat-x; |
padding: 10px; |
width: 420px; |
height: 189px; |
127,7 → 128,6 |
} |
#boite-logon TD { |
padding-top: 10px; |
padding-left: 30px; |
} |
#boite-info { |
border: 0px; |
/conf/gammu-smsd-db-vierge.sql |
---|
File deleted |
/conf/sudoers |
---|
6,7 → 6,7 |
# |
# Host alias specification |
Host_Alias LAN_ORG=192.168.182.0/255.255.255.0,localhost #réseau de l'organisme |
Host_Alias LAN_ORG=172.16.0.0/255.255.0.0,localhost #réseau de l'organisme |
# User alias specification |
User_Alias ADMIN=sysadmin # compte d'admin local de l'organisme |
User_Alias ADMWEB=apache # compte lié à l'interface de gestion |
25,7 → 25,6 |
Cmnd_Alias UAM=/usr/local/sbin/alcasar-uamallowed.sh # pour gérer les site de confiance (uamallowed) |
Cmnd_Alias SERVICE=/sbin/service,/usr/bin/killall,/sbin/chkconfig,/bin/systemctl # pour gérer les services |
Cmnd_Alias SSL=/usr/bin/openssl # pour récupérer les info des certificats |
Cmnd_Alias GAMMU=/sbin/pidof,/usr/local/bin/alcasar-sms.sh # permet l'execution de gammu (droit root) |
# Defaults specification |
# Defaults syslog=auth |
45,6 → 44,6 |
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom |
# %users localhost=/sbin/shutdown -h now |
ADMWEB LAN_ORG=(root) NOPASSWD: NET,SYSTEM_BACKUP,SQL,BL,NF,EXPORT,RADDB,LOGOUT,UAM,SERVICE,SSL,GAMMU |
ADMIN LAN_ORG=(root) NOPASSWD: NET,/sbin/poweroff,/sbin/shutdown -h now,/sbin/reboot,URPMI,BYPASS,SYSTEM_BACKUP,SQL,EXPORT,SERVICE,GAMMU |
ADMWEB LAN_ORG=(root) NOPASSWD: NET,SYSTEM_BACKUP,SQL,BL,NF,EXPORT,RADDB,LOGOUT,UAM,SERVICE,SSL |
ADMIN LAN_ORG=(root) NOPASSWD: NET,/sbin/poweroff,/sbin/shutdown -h now,/sbin/reboot,URPMI,BYPASS,SYSTEM_BACKUP,SQL,EXPORT,SERVICE |
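Review bot: The ADMWEB rule still grants the apache account passwordless root on `SERVICE` and `SSL`, whose aliases name bare binaries (`/bin/systemctl`, `/usr/bin/killall`, `/sbin/chkconfig`, `/usr/bin/openssl`) with no argument constraints. Dropping `GAMMU` is a good reduction, but any code-execution flaw in the management interface still amounts to unrestricted root through these entries. I would point each alias at a fixed-purpose wrapper, as `UAM` already does, e.g. `Cmnd_Alias SSL=<path to a read-only certificate-info wrapper>`, and list only the service actions the interface needs. In the first hunk `LAN_ORG` also appears to change from a /24 to `172.16.0.0/255.255.0.0`; if that is the new side (inferred from print order only), a comment saying whether the installer rewrites this value would help.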
/conf/logrotate.d/gammu |
---|
File deleted |